FG-ACE-IAD-4-GW - Traffic Rules - LuCI

FG-ACE-IAD-4-GW

Wizard
Network
- Interfaces
- WiFi
- Static ARP
- DHCP and DNS
- Hostnames
- IPv6 RA and DHCPv6
- Static Route
- Policy Route
- RIP
- Firewall
- Diagnostics
- VPN
- IPSec
- QoS
- Parent Control
- ACL
- Port Mirroring
- Port Bind
- Multi-WAN
Status
System
Services
- NTP Client
- 3G SMS
- Dynamic DNS
- Printer
- FTP Server
- Network Shares
- UPNP
- SSH Access
TR069
VoIP
Logout

Unsaved Changes: 4

Firewall - Traffic Rules

Traffic rules define policies for packets traveling between different zones, for example to reject traffic between certain hosts or to open WAN ports on the router.

Traffic Rules

Name	Match	Action	Enable	Sort

Allow-DHCP-Renew	IPv4-UDP From `any host` in `wan` To `any router IP` at port `68` on `this device`	`Accept input`
Allow-Ping	IPv4-ICMP with type `echo-request` From `any host` in `wan` To `any router IP` on `this device`	`Accept input`
Allow-DHCPv6	IPv6-UDP From IP range `FE80:0:0:0:0:0:0:0/10` in `wan` with source port `547` To IP range `FE80:0:0:0:0:0:0:0/10` at port `546` on `this device`	`Accept input`
Allow-ICMPv6-Input	IPv6-ICMP with types `echo-request`, `echo-reply`, `destination-unreachable`, `packet-too-big`, `time-exceeded`, `bad-header`, `unknown-header-type`, `router-solicitation`, `neighbour-solicitation`, `router-advertisement`, `neighbour-advertisement` From `any host` in `wan` To `any router IP` on `this device`	`Accept input` and limit to `1000` pkts. per `second`
Allow-ICMPv6-Forward	IPv6-ICMP with types `echo-request`, `echo-reply`, `destination-unreachable`, `packet-too-big`, `time-exceeded`, `bad-header`, `unknown-header-type` From `any host` in `wan` To `any host` in `any zone`	`Accept forward` and limit to `1000` pkts. per `second`
wan-http	Any TCP From `any host` in `wan` To `any router IP` at port `80` on `this device`	`Accept input`
tr069	Any TCP From `any host` in `wan` To `any router IP` at port `51005` on `this device`	`Accept input`
wan-rip	Any UDP From `any host` in `wan` To `any router IP` at port `520` on `this device`	`Accept input`
-	Any IGMP From `any host` in `wan` To `any router IP` on `this device`	`Accept input`
-	IPv4-UDP From `any host` in `wan` To IP range `224.0.0.0/4` in `lan`	`Accept forward`
-	Any TCP From `any host` in `lan` To `any router IP` at port `9100` on `this device`	`Accept input`
openwan	IPv4-TCP+UDP From `any host` in `wannatoff` To `any host` in `lan`	`Accept forward`
natoff-http	Any TCP From `any host` in `wannatoff` To `any router IP` at port `80` on `this device`	`Accept input`

Open ports on router:
Name	Protocol	External port

New forward rule:
Name	Source zone	Destination zone

Source NAT

Source NAT is a specific form of masquerading which allows fine grained control over the source IP used for outgoing traffic, for example to map multiple WAN addresses to internal subnets.

Name	Match	Action	Enable	Sort

This section contains no values yet

New source NAT:
Name	Source zone	Destination zone	To source IP	To source port